Security Scan
OpenClaw
Safe
high confidence
The skill is an instruction-only auditor for Go DoS/resource-exhaustion patterns; its instructions, requirements, and included references are consistent with that purpose and do not ask for credentials, installs, or unrelated system access.
Assessment Recommendations
This skill is an instruction-only auditing checklist for Go DoS/resource-exhaustion issues and appears internally consistent. It only suggests searching source files (grep) and reviewing code patterns and includes case studies. Before installing or invoking: (1) confirm you will run it only against repositories you control or have permission to scan; (2) be wary if an agent using this skill later suggests running wide-ranging shell commands beyond the documented grep checks — review those comman...
Detailed Analysis
✓ Purpose and Capabilities
Name and description match the provided SKILL.md and references: the skill is a static/pattern-guided checklist for auditing Go code for DoS/resource-exhaustion issues. It does not request unrelated credentials, binaries, or config paths.
✓ Instruction Scope
Runtime instructions are detection guidance and grep/inspection commands targeted at Go source code patterns, plus a checklist and real-world case summaries. They do not instruct the agent to read unrelated system files, access environment secrets, or transmit data to external endpoints.
✓ Install Mechanism
No install spec and no code files — instruction-only. Nothing will be downloaded or written to disk by the skill itself.
✓ Credential Requirements
The skill requires no environment variables, credentials, or config paths. No secret/external-service access is requested or implied.
✓ Persistence and Privileges
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills or agent-wide settings.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest v0.1.0 2026/3/14
Initial release of go-vuln-dos skill for auditing Go code for denial of service risks and resource exhaustion vulnerabilities.
- Provides detection guidance for Go-specific CWE-400/770/476 patterns: goroutine leaks, channel deadlocks, panic recover, uncontrolled memory/IO allocations.
- Outlines typical sources (external inputs), critical sinks, and effective resource limiting/sanitization techniques.
- Offers CLI grep patterns for common DoS vulnerability hotspots in Go code.
- Includes detailed checklists for goroutine, memory, IO, panic recovery, and protocol-specific (HTTP/2, WebSocket, protobuf) resource exhaustion risks.
- Documents false positive exclusion guidelines and references for real-world vulnerability case studies.
● Benign
Install Command
Official: npx clawhub@latest install go-vuln-dos
Mirror (accelerated): npx clawhub@latest install go-vuln-dos --registry https://cn.longxiaskill.com
Mirror sync in progress